ioc[.]one - OSINT Cyber Threat Intelligence Database

Hijacking NTLM-powered Mobile Apps (Part 2 - Relaying with Metasploit)

Tags

attack-pattern:

Dns - T1071.004 Dns - T1590.002 Python - T1059.006 Server - T1583.004 Server - T1584.004 Web Service - T1481 Tool - T1588.002 Sudo - T1169 Web Service - T1102

Show in Graph

Common Information

Type	Value
UUID	be22d334-e6a1-4a88-a746-2e5d7e2d2aea
Fingerprint	ae1369515539d6a4
Analysis status	DONE
Considered CTI value	0
Text language
Published	Oct. 1, 2018, midnight
Added to db	Jan. 18, 2023, 9:49 p.m.
Last updated	Nov. 14, 2024, 7:54 p.m.
Headline	Hijacking NTLM-powered Mobile Apps (Part 2 - Relaying with Metasploit)
Title	Hijacking NTLM-powered Mobile Apps (Part 2 - Relaying with Metasploit)
Detected Hints/Tags/Attributes	31/1/8

Source URLs

	Redirection	Url
Details	Source	https://initblog.com/2018/ntlm-mobile-app-relay/

URL Provider

Details	Provider	Source level domain
Details	initblog.com	initblog.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		httpspy.py
Details	Domain	1		mobileapi.com
Details	File	1		httpspy.py
Details	File	2		webservice.asmx
Details	File	1		http_ntlmrelay.rb
Details	IPv4	295		8.8.8.8
Details	IPv4	4		192.168.12.1
Details	Url	1		https://mobileapi.com/webservice.asmx